Uniquely Identifying PCBs, Subassemblies, and Packaging (opens in new tab)

(semiengineering.com)

34 pointsSemiTom5y ago10 comments

10 comments

This is very reminiscent of Physical Random/Unclonable Functions[1]. When creating identifiers like this it's very important that they be non-reproducible. The article nearly touched on this with random patterns, but the important distinction is that the process must not be reproducible by the manufacturer even if they wanted to.

In [1], they propose timing artifacts in FPGAs as a means to achieve this. I imagine that some of the random material embeddings in the article may achieve this in practice, though it's important to actually quantify it.

[1] https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.29...

crispyambulance5y ago

There's a common processing step in PCB manufacturing that occurs right after SMT (reflow soldering of components that have been placed on the PCB by a pick-and-place machine). It is known as AOI (automated optical inspection).

What happens during AOI is that a camera images every part of the PCB and then uses old school machine vision to identify problems like missing/misplaced/misoriented components, wrong parts, solder mishaps, and contamination/foreign-objects. In practice, it's not perfect, but it can detect gross problems and is valuable in high-volume or high-cost pcb's. The images are usually not stored, but processed "on the fly" by machine vision applications.

It's good to hear that Alitheon is taking this to the next level. As a MFG engineer, I've long felt that AOI has been under-utilized. There are multiple reasons to more fully analyze these images besides security concerns and given the low cost of storage, I think it's becoming not unreasonable to store entire imagesets of individual high-cost PCB's for the life-span of the product.

As for the big-picture of security, however, it really begins earlier in the supply chain before the components even arrive at the factory in reels. By the time that something gets to a factory, one can't do much more than read-out things like id's and perform functional screens. That's why manufacturers have, sometimes, long qualification processes before they even consider a new component or its vendor.

kurthr5y ago

Indeed, the challenge is storage of the information and immutability, since everyone needs to trust the database of unique IDs.

I hate to say it, but if you have connectivity (and directly connecting your production equipment to the internet seems foolish) then a distributed amongst manufacturers blockchain could provide the secure public database needed. It might be wise to batch the UIDs logged each shift to minimize contact and computation. Your test equipment (associated CPUs) could be searching for a new solution and separately upload the batch of UIDs each time it found one.

pabs35y ago

This reminds me of bunnie's talk on supply chain security:

https://www.bunniestudios.com/blog/?p=5519

userbinator5y ago

These are the enemies of right-to-repair and the third-party aftermarket.

fake-name5y ago

This isn't strictly true.

While traceability and tamper-proofing are prerequisites for preventing right-to-repair, they're also needed for things like maintaining supply-chain-integrity, which is becoming a adjacent, but different concern.

A lot of the things in the article (diamond dust in the coating,s, etc...) are basically just tamper detection, and even then they require someone to visually validate the PCB. I don't really have a problem with that kind of thing.

Lind55y ago

Questions about authenticity can occur at a supplier, with contractors to a supplier, or during the movement of components between contractors and to the customer. The types of anti-counterfeiting options to be used depend both on the value of the component and the consequences of fake components. But they all focus on the ability to uniquely identify a component so it can be tracked through final system assembly https://semiengineering.com/new-and-innovative-supply-chain-...

tsomctl5y ago

If anything, tamper detection is extremely important for things like CT scanners and nuclear warheads.

genericone5y ago

But potentially also the enemy of fake Amazon product sellers. And the enemy of that enemy is my friend.

m4635y ago

Amazon should do something like this - somehow - and fight fake products.

j / k navigate · click thread line to collapse